
IPSEC VPN tunnel only works for 60 minutes

Hi,

I have a Cisco 2811 version 15.1(2)T2 and a PIX501 version 6.3(3). I have configured an IPSEC VPN between the devices over the internet and all works well for the duration of the ESP SA lifetime (3600 seconds) and then I cannot get any traffic over the connection.

I have checked CCO for bugs but have yet to find any.


Any assistance would be appreciated.

Thanks.

Regards,


Andrew

3 Replies

Hi Andrew,

Looks like Phase-2 rekey is not going well.

Does the tunnel still stay up and not pass traffic? Or

Does the tunnel go down and we need to rebuild it after some time?

Post the following outputs:

show crypto isakmp sa detail (from both PIX and Router)

show crypto ipsec sa peer (from the router)

show crypto ipsec sa peer (from the PIX)

When this happens again, could you post the debugs from both the router and the PIX (debug crypto isakmp and debug crypto ipsec).

To recreate the issue, can you reduce the ESP lifetime to, say, 10 minutes (600 seconds) and let me know if the tunnel stops working in 10 minutes?

Regards,

Praveen